X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/d9056330c99869fd61663db53ad57b50af3b64b3..476861787f6e1b8a6c6af9307a15b9e57cb979dc:/openssh/ChangeLog diff --git a/openssh/ChangeLog b/openssh/ChangeLog index 1242fa0..fc8809a 100644 --- a/openssh/ChangeLog +++ b/openssh/ChangeLog @@ -1,3 +1,644 @@ +20080327 + - (dtucker) Cache selinux status earlier so we know if it's enabled after a + chroot. Allows ChrootDirectory to work with selinux support compiled in + but not enabled. Using it with selinux enabled will require some selinux + support inside the chroot. "looks sane" djm@ + - (djm) Fix RCS ident in sftp-server-main.c + - (djm) OpenBSD CVS sync: + - jmc@cvs.openbsd.org 2008/02/11 07:58:28 + [ssh.1 sshd.8 sshd_config.5] + bump Mdocdate for pages committed in "febuary", necessary because + of a typo in rcs.c; + - deraadt@cvs.openbsd.org 2008/03/13 01:49:53 + [monitor_fdpass.c] + Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to + an extensive discussion with otto, kettenis, millert, and hshoexer + - deraadt@cvs.openbsd.org 2008/03/15 16:19:02 + [monitor_fdpass.c] + Repair the simple cases for msg_controllen where it should just be + CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because + of alignment; ok kettenis hshoexer + - djm@cvs.openbsd.org 2008/03/23 12:54:01 + [sftp-client.c] + prefer POSIX-style file renaming over filexfer rename behaviour if the + server supports the posix-rename@openssh.com extension. + Note that the old (filexfer) behaviour would refuse to clobber an + existing file. Users who depended on this should adjust their sftp(1) + usage. + ok deraadt@ markus@ + - deraadt@cvs.openbsd.org 2008/03/24 16:11:07 + [monitor_fdpass.c] + msg_controllen has to be CMSG_SPACE so that the kernel can account for + each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This + works now that kernel fd passing has been fixed to accept a bit of + sloppiness because of this ABI repair. + lots of discussion with kettenis + - djm@cvs.openbsd.org 2008/03/25 11:58:02 + [session.c sshd_config.5] + ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; + from dtucker@ ok deraadt@ djm@ + - djm@cvs.openbsd.org 2008/03/25 23:01:41 + [session.c] + last patch had backwards test; spotted by termim AT gmail.com + - djm@cvs.openbsd.org 2008/03/26 21:28:14 + [auth-options.c auth-options.h session.c sshd.8] + add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc + - djm@cvs.openbsd.org 2008/03/27 00:16:49 + [version.h] + openssh-4.9 + - djm@cvs.openbsd.org 2008/03/24 21:46:54 + [regress/sftp-badcmds.sh] + disable no-replace rename test now that we prefer a POSIX rename; spotted + by dkrause@ + - (djm) [configure.ac] fix alignment of --without-stackprotect description + - (djm) [configure.ac] --with-selinux too + - (djm) [regress/Makefile] cleanup PuTTY interop test droppings + - (djm) [README] Update link to release notes + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Crank version numbers in RPM spec files + - (djm) Release 4.9p1 + +20080315 + - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are + empty; report and patch from Peter Stuge + - (djm) [regress/test-exec.sh] Silence noise from detection of putty + commands; report from Peter Stuge + - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing + crashes when used with ChrootDirectory + +20080314 + - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by + vinschen at redhat.com. Add () to put echo commands in subshell for lls test + I mistakenly left out of last commit. + - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at + nas.nasa.gov + +20080313 + - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to + self: make changes to Makefile.in next time, not the generated Makefile). + - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and + puttygen(1) by $PATH + - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch + by vinschen at redhat.com. + - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes + from vinschen at redhat.com and imorgan at nas.nasa.gov + +20080312 + - (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/10/29 06:57:13 + [regress/Makefile regress/localcommand.sh] + Add simple regress test for LocalCommand; ok djm@ + - jmc@cvs.openbsd.org 2007/11/25 15:35:09 + [regress/agent-getpeereid.sh regress/agent.sh] + more existant -> existent, from Martynas Venckus; + pfctl changes: ok henning + ssh changes: ok deraadt + - djm@cvs.openbsd.org 2007/12/12 05:04:03 + [regress/sftp-cmds.sh] + unbreak lls command and add a regress test that would have caught the + breakage; spotted by mouring@ + NB. sftp code change already committed. + - djm@cvs.openbsd.org 2007/12/21 04:13:53 + [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh] + [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh] + basic (crypto, kex and transfer) interop regression tests against putty + To run these, install putty and run "make interop-tests" from the build + directory - the tests aren't run by default yet. + +20080311 + - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move + pam_open_session and pam_close_session into the privsep monitor, which + will ensure that pam_session_close is called as root. Patch from Tomas + Mraz. + +20080309 + - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't + always work for all platforms and versions, so test what we can and + add a configure flag to turn it of if needed. ok djm@ + - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups + implementation. It's not needed to fix bug #1081 and breaks the build + on some AIX configurations. + - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's + equivalent of LLONG_MAX for the compat regression tests, which makes them + run on AIX and HP-UX. Patch from David Leonard. + - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch + platforms where gcc understands the option but it's not supported (and + thus generates a warning). + +20080307 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2008/02/11 07:58:28 + [ssh.1 sshd.8 sshd_config.5] + bump Mdocdate for pages committed in "febuary", necessary because + of a typo in rcs.c; + - djm@cvs.openbsd.org 2008/02/13 22:38:17 + [servconf.h session.c sshd.c] + rekey arc4random and OpenSSL RNG in postauth child + closefrom fds > 2 before shell/command execution + ok markus@ + - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31 + [sshd.c] + When started in configuration test mode (-t) do not check that sshd is + being started with an absolute path. + ok djm + - markus@cvs.openbsd.org 2008/02/20 15:25:26 + [session.c] + correct boolean encoding for coredump; der Mouse via dugsong + - djm@cvs.openbsd.org 2008/02/22 05:58:56 + [session.c] + closefrom() call was too early, delay it until just before we execute + the user's rc files (if any). + - dtucker@cvs.openbsd.org 2008/02/22 20:44:02 + [clientloop.c packet.c packet.h serverloop.c] + Allow all SSH2 packet types, including UNIMPLEMENTED to reset the + keepalive timer (bz #1307). ok markus@ + - djm@cvs.openbsd.org 2008/02/27 20:21:15 + [sftp-server.c] + add an extension method "posix-rename@openssh.com" to perform POSIX atomic + rename() operations. based on patch from miklos AT szeredi.hu in bz#1400; + ok dtucker@ markus@ + - deraadt@cvs.openbsd.org 2008/03/02 18:19:35 + [monitor_fdpass.c] + use a union to ensure alignment of the cmsg (pay attention: various other + parts of the tree need this treatment too); ok djm + - deraadt@cvs.openbsd.org 2008/03/04 21:15:42 + [version.h] + crank version; from djm + - (tim) [regress/sftp-glob.sh] Shell portability fix. + +20080302 + - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect + either, so use our own. + +20080229 + - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in + configure (and there's not much point, as openssh won't work without it) + so HAVE_SELECT is not defined and the poll(2) compat code doesn't get + built in. Remove HAVE_SELECT so we can build on platforms without poll. + - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H. + - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From + Debian patch via bernd AT openbsd.org + +20080228 + - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes + linking problems on AIX with gcc 4.1.x. + - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c + openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat + header to after OpenSSL headers, since some versions of OpenSSL have + SSLeay_add_all_algorithms as a macro already. + - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL + compat glue into openssl-compat.h. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement + getgrouplist via getgrset on AIX, rather than iterating over getgrent. + This allows, eg, Match and AllowGroups directives to work with NIS and + LDAP groups. + - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the + same SyslogFacility as the rest of sshd. Patch from William Knox, + ok djm@. + +20080225 + - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack + since it now conflicts with the helper function in misc.c. From + vinschen AT redhat.com. + - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation + of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). + Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@ + - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle + headers so ./configure --with-ssl-engine actually works. Patch from + Ian Lister. + +20080224 + - (tim) [contrib/cygwin/ssh-host-config] + Grammar changes on SYSCONFDIR LOCALSTATEDIR messages. + Check more thoroughly that it's possible to create the /var/empty directory. + Patch by vinschen AT redhat.com + +20080210 + - OpenBSD CVS Sync + - chl@cvs.openbsd.org 2008/01/11 07:22:28 + [sftp-client.c sftp-client.h] + disable unused functions + initially from tobias@, but disabled them by placing them in + "#ifdef notyet" which was asked by djm@ + ok djm@ tobias@ + - djm@cvs.openbsd.org 2008/01/19 19:13:28 + [ssh.1] + satisfy the pedants: -q does not suppress all diagnostic messages (e.g. + some commandline parsing warnings go unconditionally to stdout). + - djm@cvs.openbsd.org 2008/01/19 20:48:53 + [clientloop.c] + fd leak on session multiplexing error path. Report and patch from + gregory_shively AT fanniemae.com + - djm@cvs.openbsd.org 2008/01/19 20:51:26 + [ssh.c] + ignore SIGPIPE in multiplex client mode - we can receive this if the + server runs out of fds on us midway. Report and patch from + gregory_shively AT fanniemae.com + - djm@cvs.openbsd.org 2008/01/19 22:04:57 + [sftp-client.c] + fix remote handle leak in do_download() local file open error path; + report and fix from sworley AT chkno.net + - djm@cvs.openbsd.org 2008/01/19 22:22:58 + [ssh-keygen.c] + when hashing individual hosts (ssh-keygen -Hf hostname), make sure we + hash just the specified hostname and not the entire hostspec from the + keyfile. It may be of the form "hostname,ipaddr", which would lead to + a hash that never matches. report and fix from jp AT devnull.cz + - djm@cvs.openbsd.org 2008/01/19 22:37:19 + [ssh-keygen.c] + unbreak line numbering (broken in revision 1.164), fix error message + - djm@cvs.openbsd.org 2008/01/19 23:02:40 + [channels.c] + When we added support for specified bind addresses for port forwards, we + added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of + this for -L port forwards that causes the client to listen on both v4 + and v6 addresses when connected to a server with this quirk, despite + having set 0.0.0.0 as a bind_address. + report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@ + - djm@cvs.openbsd.org 2008/01/19 23:09:49 + [readconf.c readconf.h sshconnect2.c] + promote rekeylimit to a int64 so it can hold the maximum useful limit + of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@ + - djm@cvs.openbsd.org 2008/01/20 00:38:30 + [sftp.c] + When uploading, correctly handle the case of an unquoted filename with + glob metacharacters that match a file exactly but not as a glob, e.g. a + file called "[abcd]". report and test cases from duncan2nd AT gmx.de + - djm@cvs.openbsd.org 2008/01/21 17:24:30 + [sftp-server.c] + Remove the fixed 100 handle limit in sftp-server and allocate as many + as we have available file descriptors. Patch from miklos AT szeredi.hu; + ok dtucker@ markus@ + - djm@cvs.openbsd.org 2008/01/21 19:20:17 + [sftp-client.c] + when a remote write error occurs during an upload, ensure that ACKs for + all issued requests are properly drained. patch from t8m AT centrum.cz + - dtucker@cvs.openbsd.org 2008/01/23 01:56:54 + [clientloop.c packet.c serverloop.c] + Revert the change for bz #1307 as it causes connection aborts if an IGNORE + packet arrives while we're waiting in packet_read_expect (and possibly + elsewhere). + - jmc@cvs.openbsd.org 2008/01/31 20:06:50 + [scp.1] + explain how to handle local file names containing colons; + requested by Tamas TEVESZ + ok dtucker + - markus@cvs.openbsd.org 2008/02/04 21:53:00 + [session.c sftp-server.c sftp.h] + link sftp-server into sshd; feedback and ok djm@ + - mcbride@cvs.openbsd.org 2008/02/09 12:15:43 + [ssh.1 sshd.8] + Document the correct permissions for the ~/.ssh/ directory. + ok jmc + - djm@cvs.openbsd.org 2008/02/10 09:55:37 + [sshd_config.5] + mantion that "internal-sftp" is useful with ForceCommand too + - djm@cvs.openbsd.org 2008/02/10 10:54:29 + [servconf.c session.c] + delay ~ expansion for ChrootDirectory so it expands to the logged-in user's + home, rather than the user who starts sshd (probably root) + +20080119 + - (djm) Silence noice from expr in ssh-copy-id; patch from + mikel AT mikelward.com + - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from + tsr2600 AT gmail.com + +20080102 + - (dtucker) [configure.ac] Fix message for -fstack-protector-all test. + +20080101 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/12/31 10:41:31 + [readconf.c servconf.c] + Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch + from Dmitry V. Levin, ok djm@ + - dtucker@cvs.openbsd.org 2007/12/31 15:27:04 + [sshd.c] + When in inetd mode, have sshd generate a Protocol 1 ephemeral server + key only for connections where the client chooses Protocol 1 as opposed + to when it's enabled in the server's config. Speeds up Protocol 2 + connections to inetd-mode servers that also allow Protocol 1. bz #440, + based on a patch from bruno at wolff.to, ok markus@ + - dtucker@cvs.openbsd.org 2008/01/01 08:47:04 + [misc.c] + spaces -> tabs from my previous commit + - dtucker@cvs.openbsd.org 2008/01/01 09:06:39 + [scp.c] + If scp -p encounters a pre-epoch timestamp, use the epoch which is + as close as we can get given that it's used unsigned. Add a little + debugging while there. bz #828, ok djm@ + - dtucker@cvs.openbsd.org 2008/01/01 09:27:33 + [sshd_config.5 servconf.c] + Allow PermitRootLogin in a Match block. Allows for, eg, permitting root + only from the local network. ok markus@, man page bit ok jmc@ + - dtucker@cvs.openbsd.org 2008/01/01 08:51:20 + [moduli] + Updated moduli file; ok djm@ + +20071231 + - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of + builtin glob implementation on Mac OS X. Based on a patch from + vgiffin at apple. + +20071229 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2007/12/12 05:04:03 + [sftp.c] + unbreak lls command and add a regress test that would have caught the + breakage; spotted by mouring@ + - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 + [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c + sshd.c] + Add a small helper function to consistently handle the EAI_SYSTEM error + code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. + ok markus@ stevesk@ + - dtucker@cvs.openbsd.org 2007/12/28 15:32:24 + [clientloop.c serverloop.c packet.c] + Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the + ServerAlive and ClientAlive timers. Prevents dropping a connection + when these are enabled but the peer does not support our keepalives. + bz #1307, ok djm@. + - dtucker@cvs.openbsd.org 2007/12/28 22:34:47 + [clientloop.c] + Use the correct packet maximum sizes for remote port and agent forwarding. + Prevents the server from killing the connection if too much data is queued + and an excessively large packet gets sent. bz #1360, ok djm@. + +20071202 + - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where + gcc supports it. ok djm@ + - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove + leftover debug code. + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/10/29 00:52:45 + [auth2-gss.c] + Allow build without -DGSSAPI; ok deraadt@ + (Id sync only, Portable already has the ifdefs) + - dtucker@cvs.openbsd.org 2007/10/29 01:55:04 + [ssh.c] + Plug tiny mem leaks in ControlPath and ProxyCommand option processing; + ok djm@ + - dtucker@cvs.openbsd.org 2007/10/29 04:08:08 + [monitor_wrap.c monitor.c] + Send config block back to slave for invalid users too so options + set by a Match block (eg Banner) behave the same for non-existent + users. Found by and ok djm@ + - dtucker@cvs.openbsd.org 2007/10/29 06:51:59 + [ssh_config.5] + ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@ + - dtucker@cvs.openbsd.org 2007/10/29 06:54:50 + [ssh.c] + Make LocalCommand work for Protocol 1 too; ok djm@ + - jmc@cvs.openbsd.org 2007/10/29 07:48:19 + [ssh_config.5] + clean up after previous macro removal; + - djm@cvs.openbsd.org 2007/11/03 00:36:14 + [clientloop.c] + fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM; + ok dtucker@ + - deraadt@cvs.openbsd.org 2007/11/03 01:24:06 + [ssh.c] + bz #1377: getpwuid results were being clobbered by another getpw* call + inside tilde_expand_filename(); save the data we need carefully + ok djm + - dtucker@cvs.openbsd.org 2007/11/03 02:00:32 + [ssh.c] + Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@ + - deraadt@cvs.openbsd.org 2007/11/03 02:03:49 + [ssh.c] + avoid errno trashing in signal handler; ok dtucker + +20071030 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2007/10/29 23:49:41 + [openbsd-compat/sys-tree.h] + remove extra backslash at the end of RB_PROTOTYPE, report from + Jan.Pechanec AT Sun.COM; ok deraadt@ + +20071026 + - (djm) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2007/09/11 23:49:09 + [sshpty.c] + remove #if defined block not needed; ok markus@ dtucker@ + (NB. RCD ID sync only for portable) + - djm@cvs.openbsd.org 2007/09/21 03:05:23 + [ssh_config.5] + document KbdInteractiveAuthentication in ssh_config.5; + patch from dkg AT fifthhorseman.net + - djm@cvs.openbsd.org 2007/09/21 08:15:29 + [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c] + [monitor.c monitor_wrap.c] + unifdef -DBSD_AUTH + unifdef -USKEY + These options have been in use for some years; + ok markus@ "no objection" millert@ + (NB. RCD ID sync only for portable) + - canacar@cvs.openbsd.org 2007/09/25 23:48:57 + [ssh-agent.c] + When adding a key that already exists, update the properties + (time, confirm, comment) instead of discarding them. ok djm@ markus@ + - ray@cvs.openbsd.org 2007/09/27 00:15:57 + [dh.c] + Don't return -1 on error in dh_pub_is_valid(), since it evaluates + to true. + Also fix a typo. + Initial diff from Matthew Dempsky, input from djm. + OK djm, markus. + - dtucker@cvs.openbsd.org 2007/09/29 00:25:51 + [auth2.c] + Remove unused prototype. ok djm@ + - chl@cvs.openbsd.org 2007/10/02 17:49:58 + [ssh-keygen.c] + handles zero-sized strings that fgets can return + properly removes trailing newline + removes an unused variable + correctly counts line number + "looks ok" ray@ markus@ + - markus@cvs.openbsd.org 2007/10/22 19:10:24 + [readconf.c] + make sure that both the local and remote port are correct when + parsing -L; Jan Pechanec (bz #1378) + - djm@cvs.openbsd.org 2007/10/24 03:30:02 + [sftp.c] + rework argument splitting and parsing to cope correctly with common + shell escapes and make handling of escaped characters consistent + with sh(1) and between sftp commands (especially between ones that + glob their arguments and ones that don't). + parse command flags using getopt(3) rather than hand-rolled parsers. + ok dtucker@ + - djm@cvs.openbsd.org 2007/10/24 03:44:02 + [scp.c] + factor out network read/write into an atomicio()-like function, and + use it to handle short reads, apply bandwidth limits and update + counters. make network IO non-blocking, so a small trickle of + reads/writes has a chance of updating the progress meter; bz #799 + ok dtucker@ + - djm@cvs.openbsd.org 2006/08/29 09:44:00 + [regress/sftp-cmds.sh] + clean up our mess + - markus@cvs.openbsd.org 2006/11/06 09:27:43 + [regress/cfgmatch.sh] + fix quoting for non-(c)sh login shells. + - dtucker@cvs.openbsd.org 2006/12/13 08:36:36 + [regress/cfgmatch.sh] + Additional test for multiple PermitOpen entries. ok djm@ + - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46 + [regress/cipher-speed.sh regress/try-ciphers.sh] + test umac-64@openssh.com + ok djm@ + - djm@cvs.openbsd.org 2007/10/24 03:32:35 + [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh] + comprehensive tests for sftp escaping its interaction with globbing; + ok dtucker@ + - djm@cvs.openbsd.org 2007/10/26 05:30:01 + [regress/sftp-glob.sh regress/test-exec.sh] + remove "echo -E" crap that I added in last commit and use printf(1) for + cases where we strictly require echo not to reprocess escape characters. + - deraadt@cvs.openbsd.org 2005/11/28 17:50:12 + [openbsd-compat/glob.c] + unused arg in internal static API + - jakob@cvs.openbsd.org 2007/10/11 18:36:41 + [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h] + use RRSIG instead of SIG for DNSSEC. ok djm@ + - otto@cvs.openbsd.org 2006/10/21 09:55:03 + [openbsd-compat/base64.c] + remove calls to abort(3) that can't happen anyway; from + ; ok millert@ deraadt@ + - frantzen@cvs.openbsd.org 2004/04/24 18:11:46 + [openbsd-compat/sys-tree.h] + sync to Niels Provos' version. avoid unused variable warning in + RB_NEXT() + - tdeval@cvs.openbsd.org 2004/11/24 18:10:42 + [openbsd-compat/sys-tree.h] + typo + - grange@cvs.openbsd.org 2004/05/04 16:59:32 + [openbsd-compat/sys-queue.h] + Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro. + This matches our SLIST behaviour and NetBSD's SIMPLEQ as well. + ok millert krw deraadt + - deraadt@cvs.openbsd.org 2005/02/25 13:29:30 + [openbsd-compat/sys-queue.h] + minor white spacing + - otto@cvs.openbsd.org 2005/10/17 20:19:42 + [openbsd-compat/sys-queue.h] + Performing certain operations on queue.h data structurs produced + funny results. An example is calling LIST_REMOVE on the same + element twice. This will not fail, but result in a data structure + referencing who knows what. Prevent these accidents by NULLing some + fields on remove and replace. This way, either a panic or segfault + will be produced on the faulty operation. + - otto@cvs.openbsd.org 2005/10/24 20:25:14 + [openbsd-compat/sys-queue.h] + Partly backout. NOLIST, used in LISTs is probably interfering. + requested by deraadt@ + - otto@cvs.openbsd.org 2005/10/25 06:37:47 + [openbsd-compat/sys-queue.h] + Some uvm problem is being exposed with the more strict macros. + Revert until we've found out what's causing the panics. + - otto@cvs.openbsd.org 2005/11/25 08:06:25 + [openbsd-compat/sys-queue.h] + Introduce debugging aid for queue macros. Disabled by default; but + developers are encouraged to run with this enabled. + ok krw@ fgsch@ deraadt@ + - otto@cvs.openbsd.org 2007/04/30 18:42:34 + [openbsd-compat/sys-queue.h] + Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels. + Input and okays from krw@, millert@, otto@, deraadt@, miod@. + - millert@cvs.openbsd.org 2004/10/07 16:56:11 + GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE + block. + (NB. mostly an RCS ID sync, as portable strips out the conditionals) + - (djm) [regress/sftp-cmds.sh] + Use more restrictive glob to pick up test files from /bin - some platforms + ship broken symlinks there which could spoil the test. + - (djm) [openbsd-compat/bindresvport.c] + Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling + +20070927 + - (dtucker) [configure.ac atomicio.c] Fall back to including if + we don't have (eq QNX). From bacon at cs nyu edu. + - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6 + so disable it for that platform. From bacon at cs nyu edu. + +20070921 + - (djm) [atomicio.c] Fix spin avoidance for platforms that define + EWOULDBLOCK; patch from ben AT psc.edu + +20070917 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2007/08/23 02:49:43 + [auth-passwd.c auth.c session.c] + unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ + NB. RCS ID sync only for portable + - djm@cvs.openbsd.org 2007/08/23 02:55:51 + [auth-passwd.c auth.c session.c] + missed include bits from last commit + NB. RCS ID sync only for portable + - djm@cvs.openbsd.org 2007/08/23 03:06:10 + [auth.h] + login_cap.h doesn't belong here + NB. RCS ID sync only for portable + - djm@cvs.openbsd.org 2007/08/23 03:22:16 + [auth2-none.c sshd_config sshd_config.5] + Support "Banner=none" to disable displaying of the pre-login banner; + ok dtucker@ deraadt@ + - djm@cvs.openbsd.org 2007/08/23 03:23:26 + [sshconnect.c] + Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally + - djm@cvs.openbsd.org 2007/09/04 03:21:03 + [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h] + [monitor_wrap.c ssh.c] + make file descriptor passing code return an error rather than call fatal() + when it encounters problems, and use this to make session multiplexing + masters survive slaves failing to pass all stdio FDs; ok markus@ + - djm@cvs.openbsd.org 2007/09/04 11:15:56 + [ssh.c sshconnect.c sshconnect.h] + make ssh(1)'s ConnectTimeout option apply to both the TCP connection and + SSH banner exchange (previously it just covered the TCP connection). + This allows callers of ssh(1) to better detect and deal with stuck servers + that accept a TCP connection but don't progress the protocol, and also + makes ConnectTimeout useful for connections via a ProxyCommand; + feedback and "looks ok" markus@ + - sobrado@cvs.openbsd.org 2007/09/09 11:38:01 + [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c] + sort synopsis and options in ssh-agent(1); usage is lowercase + ok jmc@ + - stevesk@cvs.openbsd.org 2007/09/11 04:36:29 + [sshpty.c] + sort #include + NB. RCS ID sync only + - gilles@cvs.openbsd.org 2007/09/11 15:47:17 + [session.c ssh-keygen.c sshlogin.c] + use strcspn to properly overwrite '\n' in fgets returned buffer + ok pyr@, ray@, millert@, moritz@, chl@ + - stevesk@cvs.openbsd.org 2007/09/11 23:49:09 + [sshpty.c] + remove #if defined block not needed; ok markus@ dtucker@ + NB. RCS ID sync only + - stevesk@cvs.openbsd.org 2007/09/12 19:39:19 + [umac.c] + use xmalloc() and xfree(); ok markus@ pvalchev@ + - djm@cvs.openbsd.org 2007/09/13 04:39:04 + [sftp-server.c] + fix incorrect test when setting syslog facility; from Jan Pechanec + - djm@cvs.openbsd.org 2007/09/16 00:55:52 + [sftp-client.c] + use off_t instead of u_int64_t for file offsets, matching what the + progressmeter code expects; bz #842 + - (tim) [defines.h] Fix regression in long password support on OpenServer 6. + Problem report and additional testing rac AT tenzing.org. + +20070914 + - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path. + Patch from Jan.Pechanec at sun com. + +20070910 + - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always + return 0 on successful test. From David.Leonard at quest com. + - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we + did a AC_CHECK_FUNCS within the AC_CHECK_LIB test. + 20070817 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked accounts and that's what the code looks for, so make man page and code